Is MD5 still considered safe for storing application user passwords?

From: planetthoughtful@xxxxxxxxx (Murray)
Date: Wed, 31 Dec 2008 12:02:29 +1000

Hi All,

I've been vaguely aware that more and more effort is going into proving that
MD5 isn't secure anymore, but this article in particular -
http://www.win.tue.nl/hashclash/rogue-ca/ - has me wondering if MD5 is still
safe for storing hashed user passwords?

I realise that article is talking about a very different use of an attack on
MD5, but I'm curious if other developers are still using MD5, or if another
hashing algorithm is considered better?

Many thanks for any advice,

M is for Murray
http://www.ulblog.org

Follow-Ups:
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
  - From: APseudoUtopia
- Re: [PHP] Is MD5 still considered safe for storing application user passwords?
  - From: Phpster
- Re: Is MD5 still considered safe for storing application user passwords?
  - From: SLerman

Prev by Date: Re: [PHP] Since I speak with some of you more than people I see in person....
Next by Date: Re: Is MD5 still considered safe for storing application user passwords?
Previous by thread: Re: [PHP] PHP telnet server
Next by thread: Re: Is MD5 still considered safe for storing application user passwords?
Index(es):
- Date
- Thread

Relevant Pages

Re: Session variable in JSP/servlet application
... it using md5,then it will be safe ... You can do a password digest with MD5 but not general encryption. ...
(comp.lang.java.programmer)
Re: Is MD5 still considered safe for storing application user passwords?
... safe for storing hashed user passwords? ... MD5, but I'm curious if other developers are still using MD5, or if another ...
(php.general)
Re: if SHA1 and MD5 are cracked...?
... >> same process as the safe version is quite a bit more difficult than just ... > access to the server hosting the file and the MD5 doesn't mean much. ... however in this case it really does not matter if MD5 is broken. ...
(comp.unix.bsd.freebsd.misc)